Papers & Documents & Patents

though, it’s important to remember that many documents and explicitly most RFCs are simply published
works-in-progress. See RFC2026. In terms of Patents, I’m regarding the ones below essentially as simply yet-more-pulications.)

• Authentication Methods for LDAP. M. Wahl, H. Alvestrand, J. Hodges, RL “Bob” Morgan. RFC 2829, May 2000.

• Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security.
  J. Hodges, R.L. Morgan, M. Wahl. RFC 2830, May 2000.

• Requirements and Approaches for a Publicly Visible Identifier for Person Entries in the Stanford University Enterprise Directory Service. Jeff Hodges, RL “Bob” Morgan, July 1998.

• Inter-Institutional Security Infrastructure: Analysis and Proposal. Authentication Project Planning Group Report, Common Solutions Group. T. Dimock, T. Hanss, J. Hodges (Editor), T. Ts’o, J. Vollbrecht. 26-Sep-1994.

• Updating local copy of shared data in a collaborative system. Sara A. Bly, Jeffery D. Hodges, Michael D. Kupfer, Brian T. Lewis, Michael L. Tallan, Stephen B. Tom, US05220657, 06/15/1993.

• Representation of collaborative multi-user activities relative to shared structured data objects in a networked workstation environment. Sara A. Bly, A. Brady Farrand, Jeffery D. Hodges, Michael D. Kupfer, Brian T. Lewis, William J. Maybury, Michael L. Tallan, Stephen B. Tom, US05008853, 04/16/1991.

• Shared Books: Collaborative Publication Management for an Office Information System, Brian T. Lewis, Jeffrey D. Hodges, ACM Conference on Office Information Systems, March 1988, Palo Alto, California. ACM 0-89791-261-6/88/0003/0197 (1MB .pdf)

Crypto/Security/Privacy Services & Tools (& some news) Resources ((mostly) commercial)…

• AdSubtract (by Internet Mute, Inc.) (block ads, cookies, mobile code, etc whilst surfing the web; see also JunkBusters)
• Anonymizer.com
  (nagware, but comes in handy)
• @Stake
  (Dan Geer + L0pht !)
• C2Net
  (crypto-enhanced Apache
  web servers)
• Card Technology Magazine
  (a Chicago-based magazine that covers the smart card industry.)
• Cerberus Information Security
  (A Uk-based info sec company)
• Computer Securty Institute
  - CSI
• Counterpane Internet Security
• Cryptography Research
  (Paul Kocher (a SSL co-author) et al.)
• CyberCop
  (Intrusion Detection suite, part of NAI’s suite of PGP-based products)
• Entrust Technologies
  (PKI implementation provider who is also quite active in the IETF, ITU X, etc. standards groups)
• Forum of Incident Response and Security Teams
  - FIRST
• Freedom.net
• The Freenet Project
  (anonymous Internet publishing & communications)
• Granite Island Group
  (”Technical Surveilance Countermeasures” – very innaresting stuff)
• ICSA.net
  (Reston, VA -based security consultancy, publishers of InfoSecurityMag, formerly National Computer Security Association – NCSA)
• JunkBusters
  (ditto to AdSubtract)
• Kroll O’Gara
  (Taher Elgamal & co.)
• LinuxSecurity.com
  (overall linux security resources & news)
• L0pht Heavy Industries
  (Mudge & co.)
• Lucent Personalized Web Assistant
• Onion-Routing
  (anonymous hot’n'cold running bits, militarily-sponsored project)
• PGP.Com
  (aka PGP Security, nee CyberCop (aka NAI), see CyberCop above)
• Publius
  (Censorship Resistant Publishing System)
• Rewebber: Anonymity in the World Wide Web
  (was: Janus; free for basic service)
• RSA Data Security
  (the Microsoft of the crypto world?)
• System Administrators’ Guild
  - SAGE
  (affiliated with USENIX)
• System Administration, Networking, and Security (SANS) Institute
  (sysad & security education, training, and certification)
• SecuriTeam
• SecurityFocus
• Smart Card Developer Association
• VeriSign
  (the Microsoft of the PKI world?)
• Xcert
  (a PKI
  solutions provider)
• ZDNet Enterprise –Security News
• Zedz Consultants
  (was: Replay Associates (Netherlands))
• Zero Knowledge Systems
  - ZKS, also FreeCrypto.Org
  (ZKS’s news & info site it seems)

• Anonymous Remailer FAQ
• For up-to-date pointers to anonymous remailer
  resources, do a.. finger rlist@anon.lcs.mit.edu ..from any system supporting finger.

Crypto Technology & Security (& some news) Resources ((mostly) non-commercial)…

• Advanced Encryption Standard (AES) Development Effort
• Advanced Web Programming
  (Richard Smith’s site with mucho info on Privacy & Security on the Internet)
• Anonymous Communications on the Internet
  (a special project of the Science and Policy Programs
  Directorate of the AAAS)
• Attrition.org
• Authorization
  and Trust Management
  Toolkits
  • Generic Authorization and Access control API
    (GAA-API)
  • Keynote Trust Management System
    (see also the Keynote page
    at UPenn Dept of Computer & Info Science)
  • OpenGroup Authorization API
    (”aznAPI” submitted by DASCOM)
• Because-We-Can.Com
• Black Hat Briefings
  (conference series)
• Bugtraq
  (the
  email distribution list for detailed
  discussion of security and exploits thereof)
• Center for Quantum Computation
  (at the bleeding edge of science and technology, with crypto applications)
• Common Data Secuity Architecture
  (CDSA; Intel’s security abstraction layer. )
• Computer Emergency Response Team (CERT)
  (part of the Software Engineering Institute
  of CMU)
• Computer Incident Advisory Capability (CIAC)
  (”Keeping DOE
  secure”)
• Computer Security Institute
• Crowds
  (an AT&T research project)
• Crypto Law Survey
  (a project of Bert-Jaap Koops)
• Cypher.Net
• CryptoGram
  (Bruce Schneier’s free cryto-news and -opinion newsletter. a must read, imho)
• Cryptix
  (an international volunteer effort to produce robust, open-source cryptographic software libraries.)
• Cryptlib
  (a widely-available crypto-library implementation by Peter Gutmann, free for non-commercial use, licenseable for commercial use)
• Crypto++
  (a widely-available crypto-library implementation by Wei Dai, with minimal no-cost license
  requirements)
• Cryptosavvy
  (very eye-opening research on the plausible longevity of the “security” of present typical key sizes)
• Cypherpunks Tonga
• DEFCON
  (hacker/cracker/cypherpunk convention & info source extrodinaire)
• Diceware.com
  (how to generate secure passphrases (aka passwords) yerself, includes many references to supporting material)
• Dis.org
  (a somewhat tight (?) hacker group with some innaresting info on their page. Check out their hilarious FAQ)
• Domain Name Buyer’s Guide
  (look here before deciding which registrar to use to register that spiffy new domain name you just thought up)
• eEye Digital Security
• Encryption and Security-related Resources
  (by Peter Gutmann)
• ERights.Org
• Extranet World
• Firewall Wizards
  (web-based archive of moderated email discussion list)
• GNU’s Not Unix! (world-famous open-source freeware underlying many, many systems and products in cyberspace, including GNU/Linux, including GNU Privacy Guard, which is an implementation of PGP)
• International Association for Cryptologic Research (IACR)
• International Financial Cryptography Association (IFCA)
• Insecure.org
  (exploits, vulnerabilities, news, etc.)
• MINDSEC
• National Infrastructure Protection Center (NIPC; Brought to you by the FBI
  et al)
• National Institute of Standards and Technology (NIST)
• Network Security Library
• OpenSSH
• OpenSSL
• ORBS
  – Open Relay Behaviour-modification System (Blowing the whistle on insecure mailservers worldwide.)
• Packet Storm
  - Internet Security Solutions
• The International Pretty Good Privacy (PGP) Home Page
• The Prehistory of Public Key Cryptography
  by Steven Bellovin.
• Ron Rivest’s:
  Overall Cryptography Resource Page
• RTFM.Com
  (security consutancy, home of PureTLS)
• Bruce Schneier’s Crypto Links
  page
• SecurityGeeks
  (Security, Crypto, and Privacy news brought to you by The Shmoo Group)
• Security Laboratory, CS Dept, Stanford University
• Security Management
  (magazine)
• Security Portal
  (security-oriented webzine, newletter publisher, and overall resource)
• Smartcard Developer Association
• Speak Freely
  (free, open source, encrypted-audio-over-the-Internet app)
• UK-crypto
  email distribution list archive
• Zedz
  – formerly Replay Associates

Miscelaneous Organizations

• Business Software Alliance
  (BSA) – has info on business use of crypto technologies, recommendations on handling keys, key lengths, etc.
• North American Network Operators’ Group
  (NANOG) – has archives of the nanog@merit.edu list

Analyst Organizations (mostly commercial)…

• The Burton Group (TBG)
  (distributed systems)
• Forrester Research
  (internet commerce)
• Jupiter Communications
  (internet commerce)
• METAGroup
  (distributed systems)

Certification Organizations

• International Information Systems Security Certification Consortium
  (ISC)І

Free Software/Open Source Resources…

• Apache.Org
• BSD.Org
• FreePatents.Org
• Free Software Foundation
• Internet Software Consortium
• Linux International
• Linux Online
• Mozilla.Org
• Nerd’s Heaven
  (not only “open source”, but also pretty-good-price, etc)
• OpenLDAP
• OpenSource.Org
• Project Gutenberg
• Sendmail.Org

Internet-enabled Financial & Monetary Systems & Info

• CyberCash
• The Internet Bearer Underwriting Corporation
• E-Gold

Journals…

• ACM Transactions on Information and System Security
  (A great resource of in-depth, peer-reviewed papers)
• Cyberspace Law Jounal
• f Ў ® s T – m o с d @ Ґ
  (peer-reviewed Internet-based journal, from folks at the University of Illinois @Chicago
  Libraries)
• Harvard Business Review
  (from Harvard, duh)
• Highwire Press
  (overall Internet resource for scientific journals, including Science, from folks at Stanford
  University Libraries)
• The Information Society
  (a referreed journal)
• Nature
  (The
  Nature)
• Stanford Technology Law Review
• Technology Review
  (from MIT)

Technology, Science, Society, and Law…

• Berkman Center for Internet and Society
  (at Harvard Law School)
• Crypto Law Survey
  (a project of Bert-Jaap Koops)
• Cyberspace Law Institute
  (an independent organization, but with ties to prominent law schools including Georgetown University Law Center)
• Interesting-People
  (an email distribution list project of Dave Farber’s at the Computer and Information Science Department
  of UPenn)
• Internet Law
  (a class at University of Miami School of Law, taught by Prof. Michael Froomkin)
• Law News Network
• The OpenLaw project
• Politech
  ( Declan McCullagh’s email distribution list and web page for info about tech, science, society, & law)
• QuickLinks
  (a project of Richard Swetenham’s. “Internet, information society, information content , Legal and regulatory aspects, market and technology”)
• Red Rock Eater News Service
  (a project of Phil Agre’s at the UCLA Department of Information Studies)
• Samsara’s Web Server
  (Maintained by and for Peter D. Junger, a Law Professor at Case Western Reserve University. Has a multitude of links to further resources, including much info on court cases testing the notion of computer software as 1st Amendment-protected speech.)
• School of Information Management & Systems
  (at University of California, Berkeley)
• Center for
  Social Informatics
  at Indiana University
  (has good set of links to related research efforts at other universities. Also note the Scholarly Communication and Information Technology
  project there. Rob Kling
  is the PI/Director of all.)
• Stanford Law and Technology Policy Center
  (at Stanford Law School)
• Tasty Bits from the Technology Front
  (a project of Keith Dawson’s. “Timely news of the bellwethers in computer and communications technology that will affect electronic commerce.”)
• Unit for Internet Studies
  (an independent organization with ties to European and American universities and companies)

News Resources (all kinds, some better’n'others, and better
is defined in the eye of the beholder)…

• 2600 Magazine
  (cracker/hacker mag)
• Attrition.org
• Chronicle of Higher Education
• Doctor Dobbs’ Jounal
• Domainz Global News
  (news petaining to the Domain Name System, the Internet’s glue)
• DNSPolicy.Net
  (ditto to Domainz Global News. In Slashdot style.)
• The Economist
• Federal Computer Week
• FEED
• FreeBSD Rocks
• Freshmeat
• Hacker News Network
  (a good source for security’n'hackin’ happenin’s)
• Intellectual Capital
• Kiro5hin.org
• Law News Network
• Mother Jones Interactive
• Need To Know
• Network Analysis Times
  (a pretty geeky sheet)
• NPR.org
  (great news resource, includes audio archives of Morning Edition
  and All Things Considered)
• OSALL
  (great resource on security and privacy and news re crackers’ doin’s)
• PBS.org
  (great news resource, includes free transcripts of the News Hour
  program)
• phrack
  (another cracker/hacker mag)
• The Progressive Review
• Red Herring
• Rootprompt.org
• RTMark
• The Register
• This is True
• Salon
• Seattle Weekly
• Segfault.Org
• Slashdot.Org
• Technology Review
  (from MIT)
• Telecom Digest
• User Friendly
• VooDoo
• Wired News

Bibliographies

• Bruce Schneier’s..
  • Index of Cryptography Papers Available Online
  • Index of Online Bibliographies
• The Collection of Computer Science Bibliographies
• Dictionary of Algorithms, Data Structures, and Problems
• The Hypertext Bibliography Project
• The Network Bibliography
  (a project of Henning Schulzrinne)
• ResearchIndex
  (a project by NEC Research Institute)
• The Unified Modeling Language (UML) Bibliography

Publishers

• Springer-Verlag
  • Lecture Notes In Computer Science
    (LNCS)
  • LNCS WWW-database
    (by subscription only, it seems)

No comments yet.

Leave a comment!